From c1b698e4181002eeecdb5988ea767cae67a83a49 Mon Sep 17 00:00:00 2001 From: joey Date: Thu, 8 Mar 2007 06:03:59 +0000 Subject: [PATCH] * The underscore escaping support exposed a bug in edit links: Such links were titlepage escaped in the urls, and then doubly escaped by the CGI when editing. To fix this, I removed the titlepage escaping in the edit urls. * That means that *every edit link* on the wiki is potentially changed. Rebuilding wikis on upgrade to this version therefore necessary; enabled that in postinst. --- IkiWiki.pm | 10 ++++++++-- IkiWiki/CGI.pm | 13 +++++-------- IkiWiki/Plugin/inline.pm | 2 +- IkiWiki/Render.pm | 2 +- debian/NEWS | 20 ++++++++++++++------ debian/changelog | 9 ++++++++- debian/postinst | 2 +- po/ikiwiki.pot | 30 +++++++++++++++--------------- 8 files changed, 53 insertions(+), 35 deletions(-) diff --git a/IkiWiki.pm b/IkiWiki.pm index 0ed52aeae..85710c5ff 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -5,6 +5,7 @@ use warnings; use strict; use Encode; use HTML::Entities; +use URI::Escape; use open qw{:utf8 :std}; use vars qw{%config %links %oldlinks %oldpagemtime %pagectime %pagecase @@ -385,7 +386,8 @@ sub linkpage ($) { #{{{ sub cgiurl (@) { #{{{ my %params=@_; - return $config{cgiurl}."?".join("&", map "$_=$params{$_}", keys %params); + return $config{cgiurl}."?". + join("&", map $_."=".uri_escape($params{$_}), keys %params); } #}}} sub baseurl (;$) { #{{{ @@ -453,7 +455,11 @@ sub htmllink ($$$;@) { #{{{ if (! grep { $_ eq $bestlink } map { @{$_} } values %renderedfiles) { return $linktext unless length $config{cgiurl}; return " "create", page => lc($link), from => $page). + cgiurl( + do => "create", + page => pagetitle(lc($link), 1), + from => $page + ). "\">?$linktext" } diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index aeccd31ac..05f4c6e0f 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -286,10 +286,9 @@ sub cgi_prefs ($$) { #{{{ } } #}}} -sub cgi_editpage ($$;$) { #{{{ +sub cgi_editpage ($$) { #{{{ my $q=shift; my $session=shift; - my $blogpost=shift; my @fields=qw(do rcsinfo subpage from page type editcontent comments newfile); @@ -323,9 +322,6 @@ sub cgi_editpage ($$;$) { #{{{ # characters. my ($page)=$form->field('page'); $page=titlepage(possibly_foolish_untaint($page)); - if ($blogpost) { - $page=~s/(\/)/"__".ord($1)."__"/eg; - } if (! defined $page || ! length $page || file_pruned($page, $config{srcdir}) || $page=~/^\//) { error("bad page name"); } @@ -362,7 +358,7 @@ sub cgi_editpage ($$;$) { #{{{ $form->field(name => "from", type => 'hidden'); $form->field(name => "rcsinfo", type => 'hidden'); $form->field(name => "subpage", type => 'hidden'); - $form->field(name => "page", value => $page, force => 1); + $form->field(name => "page", value => pagetitle($page, 1), force => 1); $form->field(name => "type", value => $type, force => 1); $form->field(name => "comments", type => "text", size => 80); $form->field(name => "editcontent", type => "textarea", rows => 20, @@ -686,6 +682,7 @@ sub cgi (;$$) { #{{{ } elsif ($do eq 'blog') { my $page=decode_utf8($q->param('title')); + $page=~s/\///g; # no slashes in blog posts # if the page already exists, munge it to be unique my $from=$q->param('from'); my $add=""; @@ -694,9 +691,9 @@ sub cgi (;$$) { #{{{ $add++; } $q->param('page', $page.$add); - # now run same as create, except escape slashes too + # now run same as create $q->param('do', 'create'); - cgi_editpage($q, $session, 1); + cgi_editpage($q, $session); } elsif ($do eq 'postsignin') { error(gettext("login failed, perhaps you need to turn on cookies?")); diff --git a/IkiWiki/Plugin/inline.pm b/IkiWiki/Plugin/inline.pm index 6656a821c..4dbf9f159 100644 --- a/IkiWiki/Plugin/inline.pm +++ b/IkiWiki/Plugin/inline.pm @@ -184,7 +184,7 @@ sub preprocess_inline (@) { #{{{ } if (length $config{cgiurl} && defined $type) { $template->param(have_actions => 1); - $template->param(editurl => cgiurl(do => "edit", page => $page)); + $template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1))); } } diff --git a/IkiWiki/Render.pm b/IkiWiki/Render.pm index 80c99e430..990b803de 100644 --- a/IkiWiki/Render.pm +++ b/IkiWiki/Render.pm @@ -79,7 +79,7 @@ sub genpage ($$$) { #{{{ my $actions=0; if (length $config{cgiurl}) { - $template->param(editurl => cgiurl(do => "edit", page => $page)); + $template->param(editurl => cgiurl(do => "edit", page => pagetitle($page, 1))); $template->param(prefsurl => cgiurl(do => "prefs")); if ($config{rcs}) { $template->param(recentchangesurl => cgiurl(do => "recentchanges")); diff --git a/debian/NEWS b/debian/NEWS index 94f88c769..69cbbbd88 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,11 +1,19 @@ +ikiwiki (1.45) unstable; urgency=low + + Wikis need to be rebuilt on upgrade to this version. If you listed your wiki + in /etc/ikiwiki/wikilist this will be done automatically when the Debian + package is upgraded. Or use ikiwiki-mass-rebuild to force a rebuild. + + -- Joey Hess Wed, 7 Mar 2007 23:02:52 -0500 + ikiwiki (1.44) unstable; urgency=low - The htmllink() function has changed slightly and plugins that use it may - need to change how they call it. This function's first three parameters - are unchanged, but additional options are now passed using named - parameters. If you used htmllink with more than 3 parameters, you will - need to change it. The plugin interface version has been increased to 1.02 - to reflect this change. + The htmllink() function has changed slightly and plugins that use it may + need to change how they call it. This function's first three parameters + are unchanged, but additional options are now passed using named + parameters. If you used htmllink with more than 3 parameters, you will + need to change it. The plugin interface version has been increased to 1.02 + to reflect this change. -- Joey Hess Mon, 19 Feb 2007 21:10:12 -0500 diff --git a/debian/changelog b/debian/changelog index 6a9972952..47a1a9423 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,8 +18,15 @@ ikiwiki (1.45) UNRELEASED; urgency=low * Fix some nasty issues with page name escaping during previewing (introduced in 1.44). * Add a table plugin, derived from the one written by Victor Moral. + * The underscore escaping support exposed a bug in edit links: Such links + were titlepage escaped in the urls, and then doubly escaped by the CGI + when editing. To fix this, I removed the titlepage escaping in the edit + urls. + * That means that *every edit link* on the wiki is potentially changed. + Rebuilding wikis on upgrade to this version therefore necessary; enabled + that in postinst. - -- Joey Hess Wed, 7 Mar 2007 06:26:51 -0500 + -- Joey Hess Wed, 7 Mar 2007 22:58:52 -0500 ikiwiki (1.44) unstable; urgency=low diff --git a/debian/postinst b/debian/postinst index 96572ea62..0096762cf 100755 --- a/debian/postinst +++ b/debian/postinst @@ -4,7 +4,7 @@ set -e # Change this when some incompatible change is made that requires # rebuilding all wikis. -firstcompat=1.29 +firstcompat=1.45 if [ "$1" = configure ] && \ dpkg --compare-versions "$2" lt "$firstcompat"; then diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot index ab6e7cd4c..d6069cb6e 100644 --- a/po/ikiwiki.pot +++ b/po/ikiwiki.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2007-03-07 07:04-0500\n" +"POT-Creation-Date: 2007-03-08 00:56-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -24,33 +24,33 @@ msgstr "" msgid "Preferences saved." msgstr "" -#: ../IkiWiki/CGI.pm:344 +#: ../IkiWiki/CGI.pm:340 #, perl-format msgid "%s is not an editable page" msgstr "" -#: ../IkiWiki/CGI.pm:431 ../IkiWiki/Plugin/brokenlinks.pm:24 +#: ../IkiWiki/CGI.pm:427 ../IkiWiki/Plugin/brokenlinks.pm:24 #: ../IkiWiki/Plugin/inline.pm:172 ../IkiWiki/Plugin/opendiscussion.pm:17 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97 #: ../IkiWiki/Render.pm:165 msgid "discussion" msgstr "" -#: ../IkiWiki/CGI.pm:477 +#: ../IkiWiki/CGI.pm:473 #, perl-format msgid "creating %s" msgstr "" -#: ../IkiWiki/CGI.pm:494 ../IkiWiki/CGI.pm:530 ../IkiWiki/CGI.pm:574 +#: ../IkiWiki/CGI.pm:490 ../IkiWiki/CGI.pm:526 ../IkiWiki/CGI.pm:570 #, perl-format msgid "editing %s" msgstr "" -#: ../IkiWiki/CGI.pm:671 +#: ../IkiWiki/CGI.pm:667 msgid "You are banned." msgstr "" -#: ../IkiWiki/CGI.pm:702 +#: ../IkiWiki/CGI.pm:699 msgid "login failed, perhaps you need to turn on cookies?" msgstr "" @@ -363,23 +363,23 @@ msgstr "" msgid "failed to run php" msgstr "" -#: ../IkiWiki/Plugin/table.pm:34 +#: ../IkiWiki/Plugin/table.pm:22 msgid "cannot find file" msgstr "" -#: ../IkiWiki/Plugin/table.pm:59 +#: ../IkiWiki/Plugin/table.pm:45 msgid "unknown data format" msgstr "" -#: ../IkiWiki/Plugin/table.pm:67 +#: ../IkiWiki/Plugin/table.pm:53 msgid "empty data" msgstr "" -#: ../IkiWiki/Plugin/table.pm:77 +#: ../IkiWiki/Plugin/table.pm:73 msgid "Direct data download" msgstr "" -#: ../IkiWiki/Plugin/table.pm:124 +#: ../IkiWiki/Plugin/table.pm:106 #, perl-format msgid "parse fail at line %d: %s" msgstr "" @@ -520,11 +520,11 @@ msgstr "" msgid "usage: ikiwiki [options] source dest" msgstr "" -#: ../IkiWiki.pm:102 +#: ../IkiWiki.pm:103 msgid "Must specify url to wiki with --url when using --cgi" msgstr "" -#: ../IkiWiki.pm:149 ../IkiWiki.pm:150 +#: ../IkiWiki.pm:150 ../IkiWiki.pm:151 msgid "Error" msgstr "" @@ -532,7 +532,7 @@ msgstr "" #. translators: preprocessor directive name, #. translators: the second a page name, the #. translators: third a number. -#: ../IkiWiki.pm:567 +#: ../IkiWiki.pm:573 #, perl-format msgid "%s preprocessing loop detected on %s at depth %i" msgstr ""